Using this service you can verify that the device you will receive actually was made by 13-37.org electronics.
If you don’t like to use the reCAPTCHA, send me your serial via (PGP encrypted) email, including your public key if you want an encrypted answer.

If you spot bugs or have ideas for improvements or concerns, please let me know!

First 25 early-bird orders shipped!

If you’re one of the first 25 early-birds backers: these don’t have the (just unlocked) imprinted security labels yet.

Honestly, I did not expect the 5000$ goal this fast and am quite busy preparing everything for it to happen in time.

You will receive a hand-signed packing note instead. And it doesn’t really matter if your device has the security label as the serial number is also stored on the USB chip. But it adds another layer of tamper-proofness and an easy way to verify your device is genuine.

I want to look inside!

You can remove the label to take a look inside, as its just an additional layer for proof of authenticity - Warranty is NOT void - but be careful with the enclosure and USB connector when opening it! I have to admit there are cleaner ways to open the enclosure as seen in the campaign - especially with some practice.

Even if there is no known attack vector in which tampering of the hardware would remain undetected by the driver, I still recommend applying a new (custom) label to regain some tamper-proofness.

How can it have a serial number at all?

The USB chip has no reprogrammable logic, but still offers us access to an EEPROM to save application or USB specific data
like the Vendor- and Product-ID’s as well as an usually factory programmed serial number (i.e. DM00WOEF)

In the first place, I did not want to change the EEPROM settings at all and just use the “unique” serial numbers from FTDI. But as we’ve been getting close to the 5000$ goal so fast, I continued working on the workflow to create the labels.

It turned out to be very complicated to read-out the actual serial number and print (super-small) labels one by one. And I wasn’t so sure about the uniqueness of FTDI’s serial numbers.
Thats why a new serial number is assigned from a database of pregenerated ones right after the final production test has passed.
The dataset of the specific serial number is completed with the test results, a batch number, the “unique” FTDI serial and a timestamp.

By integrating this into the automated workflow of device testing I just need to put the right label onto the device (and my script tells me which one goes where).

Can I restore the original serial?

Yes you can!
Using the FTDI FT_Prog utility for Windows this is pretty easy.
There is also a command line tool ftdi_eeprom included in the fully open-source FTDI driver that I’m using in the production workflow - buts its very low-level.

If you have removed the security label (or did not have one), write down your original serial number before you continue, otherwise you might loose it forever. There is no way for me to associate the serial numbers to purchases, so I won’t be able to help you. Warranty claims are of course still possible, as long as you have the invoice/order receipt - or just something.

Make it an look like the FT240

For a more stealth operation you may want it to look like a default FTDI FT240 USB FIFO device.

You can revert all changes made during the final production test. These are:

USB Vendor-ID

USB Product-ID

Manufacturer

Description

length of serial number

original

0x0403

0x6015

FTDI

FT240 USB FIFO

8 chars

post-production

0x0403

0x6015

13-37.org

Infinite Noise TRNG

13 chars

Generated configuration files for both configurations can be downloaded using the verification tool.

Safe - using Windows

Grab the XML file to restore the EEPROM with your devices default identifiers and serial and flash it using FT_Prog.

Safe - using Linux

To get started with the command line tool, you can also download a cleartext config file for use with ftdi_eeprom.
Its also pre-filled with the original values from FTDI. Or start from scratch using the provided example.

Unsafe

You can also receive your device’s original serial number through the online verification tool and use FT_Prog or ftdi_eeprom manually. FT_Prog is not fully open source and you can make mistakes by doing manual edits. Not recommended!

Customize it!

You can change all strings of the USB descriptor and the driver will still recognize it. Just don’t do it too often, as the EEPROM has limited write cycles. Also keep in mind it has only 256 bytes in total.

The USB Vendor- and Product-IDs from FTDI have not been changed by me and I can’t recommend doing so, unless you really know what you’re doing. Warranty may be void and the device may be rendered useless!